CN108351924A - Electronic security container - Google Patents

Info

Publication number
CN108351924A
Authority
CN
China
Legal status
Pending
Application number
CN201680050188.8A
Other languages
Chinese (zh)
Inventor
R.A.埃克尔
Current Assignee
Murphy Letter American LLC
Idemia Identity and Security USA LLC
Original Assignee
Murphy Letter American LLC
Application filed by Murphy Letter American LLC

Classifications

    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/105 Network architectures or network communication protocols for network security for controlling access to devices or network resources; multiple levels of security

Abstract

One aspect of the present invention features an ESC. The ESC includes a user-defined set of authentication credentials comprising at least one credential that is unique to the user, wherein the set of authentication credentials defines a security level of the ESC for authorizing access to content stored in the ESC; an authorization policy that defines authentication requirements for at least one requestor; and a security mapping policy that converts requestor authentication credentials from the at least one requestor into a security strength for comparison with the security strength of the security level of the ESC.

Description

Electronic security container
Cross reference to related applications
This application claims the benefit of the filing date of U.S. Provisional Application No. 62/186,726, filed on June 30, 2015. The content of U.S. Application No. 62/186,726 is incorporated herein by reference in its entirety.
Technical field
This specification relates to electronic data security.
Background
Electronic data security and privacy are increasingly important in modern communication and computer systems. Personal and private corporate information is increasingly stored in electronic form, including, for example, electronic forms of identification, electronic payment methods, electronic medical records, and electronic legal and business documents. Techniques for protecting electronic data include access to data storage systems based on encrypted credentials.
Summary
This specification relates to an electronic security container (ESC) and to methods and systems for accessing user content contained in an ESC.
One aspect of the present invention features an ESC. The ESC includes a user-defined set of authentication credentials comprising at least one credential that is unique to the user, wherein the set of authentication credentials defines a security level of the ESC for authorizing access to content stored in the ESC; an authorization policy that defines authentication requirements for at least one requestor; and a security mapping policy that converts requestor authentication credentials from the at least one requestor into a security strength for comparison with the security strength of the security level of the ESC.
This and other implementations can each optionally include one or more of the following features. The security level can be a first security level, and the user-defined set of authentication credentials can be a first user-defined set of authentication credentials. In addition, the ESC can include a second user-defined set of authentication credentials comprising at least one credential that is unique to the user, wherein the second set of authentication credentials defines a second security level of the ESC for authorizing access to content stored in the ESC. The security strength of the second security level can be greater than the security strength of the first security level.
Another aspect of the present invention features an ESC electronic device. The electronic device includes a user-defined set of authentication credentials comprising at least one credential that is unique to the user, wherein the set of authentication credentials defines a security level of the ESC for authorizing access to content stored in the ESC; an authorization policy that defines authentication requirements for at least one requestor; and a security mapping policy that converts requestor authentication credentials from the at least one requestor into a security strength for comparison with the security strength of the security level of the ESC.
This and other implementations can each optionally include one or more of the following features. The electronic device can be a cloud server. The electronic device can be a mobile computing device. The electronic device can be a microchip on a chip card.
Other aspects of the subject matter described in this specification can be embodied in methods that include the following actions: receiving, from a requestor, a request to access content contained in an ESC; obtaining user consent for the requestor to access data contained in the ESC; in response to obtaining the user consent, determining whether the request is authentic based on the requestor's authentication credentials; determining whether the security strength of the requestor's authentication credentials meets or exceeds the security strength associated with a security level of the ESC, wherein the security level of the ESC is defined by a user-defined set of authentication credentials that includes at least one credential unique to the user; and, in response to determining that the security strength of the requestor's authentication credentials meets or exceeds the security strength of the security level of the ESC, providing the requestor with access to the content contained in the security level of the ESC.
This and other implementations can each optionally include one or more of the following features. Obtaining user consent for the requestor to access the data contained in the ESC can include verifying, based on the authorization policy of the ESC, that the user has authorized the requestor to access the data contained in the ESC. Obtaining user consent for the requestor to access the data contained in the ESC can include requesting, from the user, authorization for the requestor to access content from the ESC, and receiving user input indicating authorization for the requestor to access content from the ESC. The user input can indicate one or more security levels of the ESC from which the requestor can access content.
Determining whether the security strength of the requestor's authentication credentials meets or exceeds the security strength associated with the security level of the ESC can include determining the security strength of the requestor's authentication credentials based on the security mapping policy of the ESC, determining the security strength associated with the user-defined set of authentication credentials that defines the security level of the ESC, and comparing the security strength of the requestor's authentication credentials with the security strength of the user-defined set of authentication credentials.
The details of one or more implementations of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter will become apparent from the description, the drawings, and the claims.
Description of the drawings
Figures 1A and 1B depict representations of example electronic security containers in accordance with implementations of the present disclosure.
Fig. 2 depicts an example system that can execute implementations of the present disclosure.
Figs. 3 and 4 depict example processes that can be executed in accordance with implementations of the present disclosure.
Like reference numbers and designations in the various drawings indicate like elements.
Detailed description
Implementations of the present disclosure relate generally to ESCs, and to methods and systems for accessing user content (e.g., user data) contained in an ESC. More particularly, an ESC is a secure data structure that prevents access to the content it holds (e.g., unencrypted user data) unless the accessing entity is properly authenticated. For example, an ESC acts as an electronic safe for storing unencrypted data (e.g., ESC content data) that is accessible only upon proper authentication of an accessing entity (e.g., another (non-owner) user, a business, a government agency). An ESC therefore differs from current data encryption techniques in that, instead of encrypting the sensitive data itself, the sensitive data can be stored in its plain (unencrypted) format (e.g., as a plain text file or a jpg image file) in a secure electronic container, "inside" the ESC. In addition, an ESC is unique to each owner/user, because the access policies and credentials are defined entirely by the user and require the use of at least one attribute that is unique to the owner. That is, the owner/user defines both the number and the types of credentials required to access data stored in the ESC. An ESC is defined by the owner/user (e.g., the user who owns the ESC) and is based on credentials associated with the owner/user. For simplicity, the remainder of this description uses the term "user" to refer to the owner/user, unless further clarification is needed, for example when referring to a non-owner user.
An ESC can be implemented on a physical ESC card (e.g., as a microchip on a standard identification card), on a computing device (e.g., as an app on a smartphone), or in a hosted computing environment (e.g., a cloud-hosted service). Access to the ESC can be authenticated using any user-defined combination of authentication credentials, such as, but not limited to, authentication images (e.g., digital watermarks, Quick Response (QR) codes), near-field communication (NFC) codes, radio frequency identification (RFID) codes, biometrics, or other appropriate authentication credentials. The authentication credentials can, but need not, include any personally identifiable information (PII).
For example, instead of carrying identification documents (e.g., a driver's license or passport), a user can store electronic identification documents in an ESC and carry only the ESC. When an accessing entity (e.g., another (non-owner) user, a business, a government agency) requests the user's identification documents, the user can simply present their ESC. For example, at a customs checkpoint, the user can place their smartphone near a customs computer. The user's smartphone can receive, for example via NFC from the customs computer, the customs agency's authentication credentials for accessing the user's ESC. Once the customs agency's authentication credentials have been authenticated in accordance with the policies the user has set in the ESC, the user's smartphone can provide the customs computer with access to the user's electronic passport stored in the ESC. A policy can include, for example, a set of rules (e.g., one or more conditions or combinations of conditions) or procedures for authorizing a user to access the ESC or data stored in the ESC.
As another example, an ESC can include the user's credit card information, and the user can provide a business (e.g., a supermarket) with access to the ESC. For example, when the user checks out at the supermarket, the user can present their smartphone (with the digital container). The smartphone can receive the supermarket's authentication credentials from a point-of-sale (POS) computer, verify the supermarket's authentication credentials in accordance with the policies the user has set in the ESC, and, in response, provide the supermarket's POS computer with access to the user's credit card information.
In some examples, the ESC itself can be stored on a server, and the user's ESC card or ESC application can include identification data that identifies the user's ESC (e.g., an encoded image, an NFC code, or an RFID code). An accessing entity can access the user's ESC identification data and send the ESC identification data, together with the accessing entity's credentials for accessing the content of the user's ESC, to the server that hosts the user's ESC. After authenticating the accessing entity, the server can provide the accessing entity with access to the content of the user's ESC.
An ESC can have several access levels (e.g., multiple "inner safes"), each with stricter authentication requirements, for example to store more sensitive data or to allow the user to segregate data so that it is available to some entities but not to others. For example, entity A (e.g., the DMV) can be permitted to access data stored within a first access level (e.g., an electronic driver's license), but not permitted to access data stored within a second access level. Entity B (e.g., a business) may be able to access data stored within both the first access level and the second access level, for example the electronic driver's license in the first level and credit card information in the second level.
An ESC has two access methods (e.g., two sides of the "safe"), one for the user (e.g., the owner of the ESC) and one for accessing entities. For example, because the user must be able to access all security levels of the ESC, any leak of the user's access credentials would compromise the security of the data stored in all levels of the ESC. Therefore, the user access method can restrict the user to performing only certain functions; for example, the user may be permitted only to add content to the ESC and to destroy content from it (e.g., remove it without viewing it). Thus, if the user's credentials are leaked, a thief cannot actually view the contents of the ESC, and at most can only add new data or destroy existing data. An accessing entity, on the other hand, can be allowed to access data stored within the levels of the ESC for which the accessing entity is authorized, but may not be allowed to add or remove data.
In some examples, if someone without proper authorization (e.g., a would-be hacker) attempts to access the content, the content stored in the ESC can be automatically destroyed.
Figure 1A depicts a representation of an example electronic security container 100 in accordance with implementations of the present disclosure. The ESC 100 is a secure data structure that prevents access to user content and that is defined by a user-defined set of authentication credentials. The set of authentication credentials defines one or more security levels 106 that must be satisfied in order to authorize access to content stored in the ESC 100. Each of security levels 1-4 (106a-106d) can be defined by different and increasingly stringent authentication credentials, so the user can store more sensitive content in the higher security levels of the ESC 100.
The user-defined set of authentication credentials can include credentials such as a fingerprint, facial recognition, retina or iris recognition, voice recognition (e.g., a voice print or voice password), a Social Security number, a password, a digital watermark, a PIN, an NFC code, a QR code, handwriting, movement-based credentials (e.g., movement patterns, muscle/skeletal biometrics), or any other appropriate type of security or biometric credential. Because the owner (user) defines which authentication credentials will form their particular ESC 100, and preferably at least one of the authentication credentials is unique to the owner (e.g., a biometric identifier), the ESC 100 itself will be unique to each particular user. In some examples, the user defines a different set of authentication credentials to represent each security level of the user's ESC 100 (e.g., levels 106a to 106b). That is, in order for the user to gain access to content stored in the ESC 100, add content to the ESC, or change attributes of the ESC (e.g., policies, security levels, or authentication credentials), the user must provide each of the authentication credentials included in the user-defined credential set for the particular security level. Thus, merely knowing which types of authentication credentials a given security level requires is itself a form of authorization credential. That is, each user may require a different number and/or type of authentication credentials to access their ESC 100 or the various security levels of their ESC 100. In some implementations, even the order in which each credential of the set is presented can itself form a type of authentication credential (e.g., a password made up of security credentials). In some examples, the content contained in the ESC 100 can be encrypted by using the user's authentication credentials from the user-defined set of authentication credentials as the encryption key for encrypting the content.
For example, a first user can define an ESC 100 using their fingerprint, a password, and their voice print (in no particular order). A second user can define an ESC 100 using their Social Security number, a password, facial recognition data, and iris recognition data (in that particular order). The respective ESCs of the first user and the second user are therefore unique to each user, based not only on their respective credentials (biometric and otherwise) but also on the number, type, and order of the authentication credentials that define each user's ESC 100.
In some implementations, the ESC 100 can even evolve together with the user (e.g., as the user ages). For example, the biometric authentication credentials that the user selects to define the ESC 100 can be updated periodically or continuously as the user ages or changes. That is, for example, as the user ages, the user's facial appearance will change, so the corresponding authentication credential will change over time and, by extension, the ESC 100 will change over time. The ESC 100 can therefore, in a sense, be considered a shadow of the user themselves.
In addition, the ESC 100 includes a set of authorization policies 102 and a security mapping policy 104. The authorization policy 102 and the security mapping policy 104 allow requestors (e.g., another (non-owner) user, a business, a government agency) to access content from the user's ESC 100. The authorization policy 102 allows the user to specify which requestors are permitted to access content from the user's ESC 100. For example, the authorization policy 102 can include a set of rules or procedures for allowing a user to access the ESC or the data contained in the ESC. For example, the authorization policy 102 can include a user-defined access control list (ACL) that identifies the requestors who are granted access to content from the user's ESC 100. In addition, the authorization policy 102 may identify which security levels 106 of the ESC 100 each requestor is permitted to access data from.
Although the user may be able to access content stored in their ESC 100, or provide a requestor with access by presenting the correct combination of the user's own authentication credentials, in some implementations the user can authorize a requestor to access the ESC 100 based on the requestor's own authentication credential(s). In such implementations, the security mapping policy 104 provides a measure for evaluating the requestor's authentication credentials against the user-defined set of authentication credentials that defines the ESC 100 or a particular security level 106 of the ESC 100. For example, the security mapping policy 104 can include a set of rules or procedures for evaluating the requestor's authentication credentials against the user-defined set of authentication credentials that defines the ESC 100 or a particular security level 106 of the ESC 100. More specifically, the security mapping policy 104 compares the objective security strength of the authentication credentials provided by the requestor with the objective security strength of the user's set of authentication credentials that defines the ESC 100 or the particular security level 106 of the ESC 100 that the requestor is attempting to access. In some examples, the security mapping policy 104 includes an algorithm for evaluating the security strength of authentication credentials and of combinations of security credentials.
The owner of an ESC need not be an individual. In some implementations, the owner of an ESC can be an entity (e.g., a group of people, a family, a business, an organization, a government entity, etc.). In such implementations, the ESC can be defined using credentials associated directly with the entity and/or a combination of authentication credentials from multiple members of the entity. For example, an ESC owned by a business can be defined by a set of authentication credentials that includes the CEO's fingerprint, the CFO's fingerprint and voice password, and an electronic access card for the business. Thus, in order to add content to the ESC or modify content contained in the ESC, both the CEO and the CFO must provide their respective credentials.
Figure 1B depicts another representation of an example electronic security container 150 in accordance with implementations of the present disclosure. The ESC 150 illustrates a variation of the ESC 100 shown in Figure 1A. The ESC 150 includes two separate security level 4 data containers, 106d-1 and 106d-2. For example, in some implementations, a user can use different sets of authentication credentials to define multiple data containers at the same (or a similar) security level. That is, for example, both data containers 106d-1 and 106d-2 are defined using two different user credential sets, each user credential set having a similar security strength. For example, the user may wish to set a similar security level for storing both the user's driver's license and particular credit card information, but may not want the same requestors to be able to access both the credit card information and the driver's license. Therefore, the user can define both data containers 106d-1 and 106d-2 with the same set of credentials (e.g., a PIN and a thumbprint, in that particular order), so that they both have the same security strength, but can define an authorization policy (e.g., a set of rules or procedures) for each of the data containers 106d-1 and 106d-2 in security level 4 that restricts access to authorized requestors only. For example, the user can indicate that business A can access the data stored in data container 106d-1 (e.g., credit card information), that the DMV can access the data stored in data container 106d-2 (e.g., the driver's license), and that another user (e.g., a spouse) can access the data stored in both data containers 106d-1 and 106d-2.
Fig. 2 depicts an example system 200 that can execute implementations of the present disclosure. The system 200 can be used to generate, maintain, and access content in an ESC 100. The system 200 includes a policy server 202, a user device 204, a requestor device 206, and, in some implementations, an ESC reader device 208. Each of the policy server 202, the user device 204, the requestor device 206, and the ESC reader device 208 communicates over one or more networks 210.
The policy server 202 can be one or more computing devices (e.g., servers) configured to generate, manage, or store one or more ESCs 100. The policy server 202 can have internal or external storage units that store programs and data (such as an operating system and one or more application programs). For example, the policy server 202 can represent various forms of server systems, including but not limited to a web server, an application server, a proxy server, a network server, or a server cluster. The one or more application programs can be implemented as instructions that are stored in the storage unit and that, when executed, cause the one or more computing devices to generate an ESC 100 according to user-defined parameters and to evaluate the authentication credentials of a user or requestor in order to provide access to content stored in the ESC 100. In addition, the policy server 202 can be a cloud server, and can store the ESC 100 and its associated content.
The user device 204 and the requestor device 206 can be computing devices, including, for example, mobile computing devices (e.g., mobile phones, smartphones, personal digital assistants, tablet computers), laptop computers, netbook computers, and desktop computers, including personal computers, special-purpose computers, general-purpose computers, and/or combinations of special-purpose and general-purpose computers. Each of the computing devices 204 and 206 typically can have internal or external storage units for storing data and programs (such as an operating system and one or more application programs). In some examples, the requestor device 206 can be a POS computing device. The user device 204 and the requestor device 206 can include various input devices capable of receiving authentication credentials, such as a keypad, keyboard, fingerprint scanner, camera, microphone, touch screen, and accelerometer.
The ESC reader device 208 can be an electronic device capable of reading an ESC 100 on an ESC card. For example, the ESC reader device 208 can be a card reader that communicates with another computing device (e.g., the user device 204 or the requestor device 206).
The network 210 can provide direct or indirect communication links between the policy server 202, the user device 204, the requestor device 206, and the ESC reader device 208. Examples of the network 210 include the Internet, the World Wide Web, wide area networks (WANs), local area networks (LANs) including wireless LANs (WLANs), analog or digital wired and wireless telephone networks, wireless data networks (e.g., 3G and 4G networks), cable, satellite, and/or any other delivery mechanism for carrying data.
The ESC 100 can be implemented on a physical ESC card (e.g., as a microchip in a smart chip card), on the user device 204 (e.g., as an app on a smartphone), or on the policy server 202 (e.g., as a cloud-hosted service). In some implementations, the ESC and its associated content are not stored at the policy server 202. For example, the ESC 100 and its associated content can be stored on a physical ESC card (e.g., as a chip on a standard identification card) or on the user device 204. In such implementations, the policy server 202 can be used to generate the ESC 100 and to manage access to the ESC 100. For example, the policy server 202 can evaluate user and requestor authorization credentials. In some examples, the policy server 202 can maintain and enforce the authorization policy 102 and the security mapping policy 104.
In some implementations, the ESC 100 can be implemented as an application on the user device 204. For example, a user can have an ESC application on their user device 204 (e.g., a smartphone). The user can define their ESC (or one security level of their ESC) using a PIN and their fingerprint. In some examples, the PIN and fingerprint can represent a first security level of the user's ESC 100, because it uses only two types of authentication credentials. For example, the user can store credit card payment information in this first security level of their ESC 100, and then use the first security level to give businesses access to the payment information for everyday purchases. In addition, the user can use one of two methods to provide a requestor (e.g., a business) with access to content stored in their ESC 100. One method is for the user to provide their authentication credentials to the ESC application, access the desired content (e.g., a credit card) themselves, and provide the content to the requestor (e.g., via a wireless link to a corresponding application on a POS system). The second method is for the user to grant a particular requestor the ability to directly access content from the user's ESC 100. For example, once the requestor has been authenticated using the requestor's own authentication credentials, the desired content can be transmitted to the requestor's computing system (e.g., a POS system).
For example, a user can visit a cafe and wish to use payment information (e.g., credit card information) stored in their ESC 100 to pay for their purchase. The user can open the ESC 100 application on their smartphone and establish communication between the user device 204 and the requestor device 206 (e.g., a POS computer at the cafe). For example, the user device 204 can establish communication with the requestor device 206 via NFC. If the cafe's POS computer has a corresponding ESC application and appropriate input devices to support receiving the user's authentication credentials, the user can provide the appropriate authentication credentials (e.g., PIN and fingerprint) to access their ESC 100, and the payment information can be transmitted from the ESC 100 on the user device 204 to the requestor device 206. For example, once communication is established, the POS computer can prompt the clerk to ask the user to present their authentication credentials. The user can then enter their PIN on a keypad attached to the requestor device 206 and provide their fingerprint to a fingerprint reader attached to the requestor device 206. A third method is a dual-authentication method, in which the authentication credentials of both the user and the requestor are required to grant the requestor access to content stored in the ESC.
In another example, the user can open the ESC application on the user's user apparatus 204 and establish communication between user apparatus 204 and requestor's device 206. In this example, however, the user may have granted the cafe authorization to access their ESC 100 (or at least the content in one security level of their ESC 100) directly. For example, instead of the user providing their own Service Ticket to access payment information from ESC 100, requestor's device 206 can send an access request to user apparatus 204. User apparatus 204 receives the access request and verifies with delegated strategy 102 that the user has authorized the cafe to access the user's ESC 100. In some examples, the access request can be sent to strategic server 202 for verification based on delegated strategy 102. In addition, the access request can include a Service Ticket for the requestor (e.g., the cafe). The requestor's Service Ticket can be sent by user apparatus 204 to strategic server 202 for authentication.
In addition to verifying the authenticity of the cafe's Service Ticket, strategic server 202 can also calculate the security intensity of the cafe's Service Ticket. Strategic server 202 can compare the security intensity of the cafe's Service Ticket with the security intensity of the user's Service Ticket for their ESC 100 (or for the security level 106 of ESC 100 to which the requestor requests access). In this example, strategic server 202 compares the security intensity of the cafe's Service Ticket with the combined security intensity of the user's fingerprint and PIN number. If the cafe's Service Ticket does not have a security intensity at least equal to the combined security intensity of the user's Service Tickets, strategic server 202 will deny access to the user's ESC 100, thereby ensuring that the requestor's credential meets the user's minimum security level for accessing ESC 100 (or the particular security level 106 of ESC 100). As long as the security level of the cafe's Service Ticket meets or exceeds the security level of the user's Service Ticket, strategic server 202 will grant requestor's device 206 access to the user's payment information from ESC 100.
Fig. 3 depicts an example process 300 that can be performed in accordance with implementations of the present disclosure. In some examples, example process 300 can be provided as one or more computer-executable programs executed using one or more computing devices. In some examples, process 300 is performed to provide access to content stored in an ESC.
A request to access content contained in an ESC is received from a requestor (310). User consent for the requestor to access data contained in the ESC is obtained (320). For example, the ESC's delegated strategy can indicate that the user has authorized the requestor to access data contained in the ESC. The identity of the requestor can be compared with data contained in the ESC's delegated strategy (e.g., an access control list). If the user has not yet granted consent authorizing the requestor to access content from the ESC, as indicated by the delegated strategy, a request to grant authorization to the requestor can be sent to the user of the ESC.
The request is authenticated based on a Service Ticket for the requestor (330). For example, the request can include a Service Ticket for the requestor. The requestor's Service Ticket can be authenticated by, for example, a certificate server. The authorized security level that the requestor is allowed to access is determined (340). For example, it can be determined whether the security intensity of the requestor's Service Ticket meets or exceeds the security intensity required to access a security level of the ESC. The security intensity of a security level of the ESC can be determined based on the security intensity of the user-defined Service Ticket set that defines that security level of the ESC. In response to determining that the security intensity of the requestor's Service Ticket meets or exceeds the security intensity required to access the ESC, access to the content contained in the ESC is provided to the requestor (350).
Fig. 4 depicts an example process 400 that can be performed in accordance with implementations of the present disclosure. In some examples, example process 400 can be provided as one or more computer-executable programs executed using one or more computing devices. In some examples, process 400 illustrates a more detailed example of process 300 for providing access to content stored in ESC 100.
A request to access content contained in ESC 100 is received from a requestor (402). The requestor's authorization to access one or more security levels 106a-106d of ESC 100 is determined according to delegated strategy 102 (404). Delegated strategy 102 can indicate whether the user has granted consent for the requestor to access ESC 100 (406). In some examples, delegated strategy 102 can also indicate which security levels 106 of the ESC the requestor is authorized to access. If delegated strategy 102 indicates that the user has not yet authorized the requestor to access content from ESC 100, a request to grant authorization to the requestor can be sent to the user of the ESC. Once the request to authorize the requestor is received, the user of ESC 100 can be required to provide the user's Service Ticket (408). The user is authenticated based on the user's Service Ticket. After being authenticated, the user can grant authorization for the requestor to access content from ESC 100 (409). In addition, the user can indicate one or more of the security levels 106a-106d of ESC 100 from which the requestor will be authorized to access content (410).
The identity of the requestor is authenticated (412). For example, the access request can include the requestor's Service Ticket. The requestor's Service Ticket can be authenticated by, for example, a certificate server. A security intensity is calculated for the requestor's Service Ticket (414). For example, a security credential intensity algorithm can be included in Security mapping strategy 104 of ESC 100. The security intensity of the requestor's Service Ticket can be calculated based on the Security mapping strategy algorithm. Security mapping strategy 104 can ensure that the requestor's Service Ticket meets the minimum security intensity for accessing the various security levels of ESC 100. For example, the security intensity required to access each security level of ESC 100 can be determined based on the security intensity of the corresponding user-defined Service Ticket set used to define each corresponding security level of ESC 100. The security intensity of each ESC 100 security level can be stored as part of Security mapping strategy 104. The Security mapping strategy is enforced, for example, by comparing the security intensity of the requestor's Service Ticket with the security intensity of the ESC 100 security level to which the requestor is seeking access (416).
In response to determining that the security intensity of the requestor's Service Ticket meets or exceeds the security intensity required to access the appropriate security level of ESC 100, access to the content contained in that security level of ESC 100 is provided to the requestor (418).
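The decision sequence of process 400 can be written as a single function. The following is an added illustration, not code from the patent: the delegated strategy is modelled as an access control list, requestor authentication as an HMAC check, and the Security mapping strategy as an additive score table. The scores, the HMAC scheme and every name (`Esc`, `decide`, `cafe-pos`) are assumptions, since the patent specifies no scoring algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# ASSUMPTION: constructed additive scores; the patent defines no algorithm.
CREDENTIAL_SCORES = {"pin": 2, "password": 3, "fingerprint": 4,
                     "hardware_token": 4, "client_cert": 5}


def strength(credential_types):
    """Security mapping: turn a set of credential types into one number.
    Duplicates count once; an unmapped type raises so it cannot add strength."""
    total = 0
    for ctype in set(credential_types):
        if ctype not in CREDENTIAL_SCORES:
            raise ValueError(f"unmapped credential type: {ctype}")
        total += CREDENTIAL_SCORES[ctype]
    return total


@dataclass
class Esc:
    levels: dict    # security level -> user-defined credential set defining it
    content: dict   # security level -> content stored at that level
    acl: dict = field(default_factory=dict)  # requestor -> levels consented to

    def required_strength(self, level):
        return strength(self.levels[level])


@dataclass
class Request:
    requestor: str
    level: int
    credential_types: tuple  # what the requestor authenticated with
    nonce: bytes
    tag: bytes               # HMAC-SHA256 over requestor|level|nonce


def sign(key, requestor, level, nonce):
    msg = requestor.encode() + b"|" + str(level).encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_request(key, requestor, level, credential_types, nonce=b"n-001"):
    return Request(requestor, level, tuple(credential_types), nonce,
                   sign(key, requestor, level, nonce))


def authenticate(req, registered_keys):
    """Stand-in for the server that authenticates the requestor (412).
    Nonce freshness tracking (replay protection) is omitted here."""
    key = registered_keys.get(req.requestor)
    if key is None:
        return False
    expected = sign(key, req.requestor, req.level, req.nonce)
    return hmac.compare_digest(expected, req.tag)


def decide(esc, req, registered_keys):
    """Steps 404-418 in order; returns (decision, content or None)."""
    if req.level not in esc.levels:
        return "deny:unknown-level", None
    allowed = esc.acl.get(req.requestor)
    if allowed is None:
        return "consent-required", None            # 406: ask the user (408-410)
    if req.level not in allowed:
        return "deny:level-not-authorized", None
    if not authenticate(req, registered_keys):     # 412
        return "deny:authentication-failed", None
    try:
        offered = strength(req.credential_types)   # 414
    except ValueError:
        return "deny:unmapped-credential", None    # fail closed
    if offered < esc.required_strength(req.level):  # 416
        return "deny:insufficient-strength", None
    return "grant", esc.content[req.level]         # 418


if __name__ == "__main__":
    # Constructed sample data: level 1 is defined by PIN + fingerprint.
    key = b"constructed-demo-key"
    esc = Esc(levels={1: ("pin", "fingerprint")},
              content={1: "card ending 0000 (constructed)"},
              acl={"cafe-pos": {1}})
    for creds in (("client_cert",), ("client_cert", "hardware_token")):
        req = make_request(key, "cafe-pos", 1, creds)
        print(creds, "->", decide(esc, req, {"cafe-pos": key}))
```

The consent check runs before authentication and scoring, so a requestor outside the access control list learns nothing about the level's required strength.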
Implementations of the subject matter and the operations described in this specification can be realized in digital electronic circuitry, or in computer software, firmware, or hardware (including the structures disclosed in this specification and their structural equivalents), or in combinations of one or more of them. Implementations of the subject matter described in this specification can be realized using one or more computer programs (i.e., one or more modules of computer program instructions) encoded on a computer storage medium for execution by, or to control the operation of, data processing equipment. Alternatively or additionally, the program instructions can be encoded on an artificially generated propagated signal, for example a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to a suitable receiver apparatus for execution by data processing equipment. A computer storage medium can be, or be included in, a computer-readable storage device, a computer-readable storage substrate, a random or serial access memory array or device, or a combination of one or more of them. Moreover, while a computer storage medium is not a propagated signal, a computer storage medium can be a source or destination of computer program instructions encoded in an artificially generated propagated signal. The computer storage medium can also be, or be included in, one or more separate physical components or media (e.g., multiple CDs, disks, or other storage devices).
The operations described in this specification can be implemented as operations performed by data processing equipment on data stored on one or more computer-readable storage devices or received from other sources.
The term "data processing equipment" encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, a system on a chip, or multiple ones or combinations of the foregoing. The equipment can include special purpose logic circuitry, such as an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit). In addition to hardware, the equipment can also include code that creates an execution environment for the computer program in question, such as code that constitutes processor firmware, a protocol stack, a database management system, an operating system, a cross-platform runtime environment, a virtual machine, or a combination of one or more of them. The equipment and execution environment can realize various different computing model infrastructures, such as web services, distributed computing and grid computing infrastructures.
A computer program (also referred to as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages and declarative or procedural languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, object, or other unit suitable for use in a computing environment. A computer program may, but need not, correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, subprograms, or portions of code). A computer program can be deployed to be executed on one computer, or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
The processes and logic flows described in this specification can be performed by one or more programmable processors executing one or more computer programs to perform actions by operating on input data and generating output. The processes and logic flows can also be performed by special purpose logic circuitry, and equipment can also be implemented as special purpose logic circuitry, for example an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).
By way of example, processors suitable for the execution of a computer program include both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The elements of a computer can include a processor for performing actions in accordance with instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include one or more mass storage devices for storing data, or be operatively coupled to receive data from one or more mass storage devices, to transfer data to them, or both; the one or more mass storage devices are, for example, magnetic disks, magneto-optical disks, or optical disks. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, such as a mobile phone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device (e.g., a universal serial bus (USB) flash drive), to name just a few. Devices suitable for storing computer program instructions and data include all forms of non-volatile memory, media and storage devices, including by way of example: semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks, such as internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
To provide for interaction with a user, implementations of the subject matter described in this specification can be realized on a computer having a display device (e.g., a CRT (cathode-ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user, and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other kinds of devices can also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback, such as visual feedback, auditory feedback, or tactile feedback, and input from the user can be received in any form, including acoustic, speech, or tactile input. In addition, a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on the user's client device in response to requests received from the web browser.
Implementations of the subject matter described in this specification can be realized in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the subject matter described in this specification), or any combination of one or more such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN") and a wide area network ("WAN"), an inter-network (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks).
The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. In some implementations, a server transmits data (e.g., an HTML page) to a client device (e.g., for purposes of displaying data to, and receiving user input from, a user interacting with the client device). Data generated at the client device (e.g., a result of the user interaction) can be received from the client device at the server.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any implementation of the present disclosure or of what may be claimed, but rather as descriptions of features specific to example implementations. Certain features that are described in this specification in the context of separate implementations can also be realized in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be realized in multiple implementations separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a sub-combination or a variation of a sub-combination.
Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the implementations described above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Thus, particular implementations of the subject matter have been described. Other implementations are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying drawings do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In certain implementations, multitasking and parallel processing may be advantageous.

Claims (20)

1. An electronic security container (ESC), comprising:
an electronic device, comprising:
a user-defined Service Ticket set, including at least one credential unique to the user, the Service Ticket set defining a security level of the ESC for providing access to content stored in the ESC;
a delegated strategy defining authentication requirements for at least one requestor; and
a Security mapping strategy that converts a requestor's Service Ticket from the at least one requestor into a security intensity for comparison with the security intensity of the security level of the ESC.
2. The ESC according to claim 1, wherein the security level is a first security level, the user-defined Service Ticket set is a first user-defined Service Ticket set, and the ESC further comprises:
a second user-defined Service Ticket set, including at least one credential unique to the user, the second Service Ticket set defining a second security level of the ESC for granting access to content stored in the ESC.
3. The ESC according to claim 2, wherein the security intensity of the second security level is greater than the security intensity of the first security level.
4. The ESC according to claim 1, wherein the electronic device is a cloud server.
5. The ESC according to claim 1, wherein the electronic device is a mobile computing device.
6. The ESC according to claim 1, wherein the electronic device is a microchip on a chip card.
7. The ESC according to claim 1, wherein the Service Ticket set includes an ordered set of two or more Service Tickets.
8. The ESC according to claim 1, wherein the authentication requirements for the at least one requestor include data identifying one or more security levels of the ESC that the requestor is allowed to access.
9. The ESC according to claim 1, wherein the Security mapping strategy includes a minimum security intensity that the requestor's Service Ticket must meet in order to access each of the one or more security levels that the requestor is authorized to access.
10. The ESC according to claim 1, wherein the delegated strategy includes an access control list identifying requestors that are allowed to access content from the ESC.
11. A computer-implemented method executed by one or more processors, the method comprising:
receiving, from a requestor, a request to access content contained in an electronic security container (ESC);
obtaining, by the one or more processors, user consent for the requestor to access data contained in the ESC;
in response to obtaining the user consent, determining, by the one or more processors and based on a Service Ticket of the requestor, whether the request is authentic;
determining, by the one or more processors, whether the security intensity of the requestor's Service Ticket meets or exceeds a security intensity associated with a security level of the ESC, the security level of the ESC being defined by a user-defined Service Ticket set, the user-defined Service Ticket set including at least one credential unique to the user; and
in response to determining that the security intensity of the requestor's Service Ticket meets or exceeds the security intensity of the security level of the ESC, providing the requestor with access to the content contained in the security level of the ESC.
12. The method according to claim 11, wherein obtaining user consent for the requestor to access the data contained in the ESC comprises: verifying, based on the delegated strategy of the ESC, that the user has authorized the requestor to access the data contained in the ESC.
13. The method according to claim 11, wherein obtaining user consent for the requestor to access the data contained in the ESC comprises:
requesting, from the user, authorization for the requestor to access content from the ESC; and
receiving user input indicating authorization for the requestor to access content from the ESC.
14. The method according to claim 13, wherein the user input indicates one or more security levels of the ESC from which the requestor can access content.
15. The method according to claim 7, wherein determining whether the security intensity of the requestor's Service Ticket meets or exceeds the security intensity associated with the security level of the ESC comprises:
determining the security intensity of the requestor's Service Ticket based on the Security mapping strategy of the ESC;
determining the security intensity associated with the user-defined Service Ticket set that defines the security level of the ESC; and
comparing the security intensity of the requestor's Service Ticket with the security intensity of the user-defined Service Ticket set.
16. A system, comprising:
one or more processors; and a data repository coupled to the one or more processors, the data repository having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving, from a requestor, a request to access content contained in an electronic security container (ESC);
obtaining user consent for the requestor to access data contained in the ESC;
in response to obtaining the user consent, determining, based on a Service Ticket of the requestor, whether the request is authentic;
determining whether the security intensity of the requestor's Service Ticket meets or exceeds a security intensity associated with a security level of the ESC, the security level of the ESC being defined by a user-defined Service Ticket set, the user-defined Service Ticket set including at least one credential unique to the user; and
in response to determining that the security intensity of the requestor's Service Ticket meets or exceeds the security intensity of the security level of the ESC, providing the requestor with access to the content contained in the security level of the ESC.
17. The system according to claim 16, wherein obtaining user consent for the requestor to access the data contained in the ESC comprises: verifying, based on the delegated strategy of the ESC, that the user has authorized the requestor to access the data contained in the ESC.
18. The system according to claim 16, wherein obtaining user consent for the requestor to access the data contained in the ESC comprises:
requesting, from the user, authorization for the requestor to access content from the ESC; and
receiving user input indicating authorization for the requestor to access content from the ESC.
19. The system according to claim 18, wherein the user input indicates one or more security levels of the ESC from which the requestor can access content.
20. The system according to claim 16, wherein determining whether the security intensity of the requestor's Service Ticket meets or exceeds the security intensity associated with the security level of the ESC comprises:
determining the security intensity of the requestor's Service Ticket based on the Security mapping strategy of the ESC;
determining the security intensity associated with the user-defined Service Ticket set that defines the security level of the ESC; and
comparing the security intensity of the requestor's Service Ticket with the security intensity of the user-defined Service Ticket set.
CN201680050188.8A 2015-06-30 2016-06-30 Electronic security(ELSEC) container Pending CN108351924A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201562186726P 2015-06-30 2015-06-30
US62/186726 2015-06-30
PCT/US2016/040298 WO2017004326A1 (en) 2015-06-30 2016-06-30 Electronic security container

Publications (1)

Publication Number Publication Date
CN108351924A true CN108351924A (en) 2018-07-31

Family

ID=57609133

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680050188.8A Pending CN108351924A (en) 2015-06-30 2016-06-30 Electronic security(ELSEC) container

Country Status (6)

Country Link
US (1) US20170006066A1 (en)
EP (1) EP3317801A4 (en)
JP (1) JP2018524727A (en)
CN (1) CN108351924A (en)
CA (1) CA2991154A1 (en)
WO (1) WO2017004326A1 (en)

Also Published As

Publication number Publication date
EP3317801A4 (en) 2018-07-18
CA2991154A1 (en) 2017-01-05
WO2017004326A1 (en) 2017-01-05
US20170006066A1 (en) 2017-01-05
EP3317801A1 (en) 2018-05-09
JP2018524727A (en) 2018-08-30

Similar Documents

Publication Publication Date Title
CN108351924A (en) Electronic security(ELSEC) container
US11176553B2 (en) Method and system providing peer effort-based validation
US11588804B2 (en) Providing verified claims of user identity
CN108351927A (en) For access management without cipher authentication
BR112018007449B1 (en) COMPUTING DEVICE, COMPUTER IMPLEMENTED METHOD AND COMPUTER READABLE MEMORY DEVICE
JP2018537022A (en) System and method for managing digital identities
US20140089189A1 (en) System, method, and apparatus to evaluate transaction security risk
US11599665B2 (en) Controlling access to a secure computing resource
CN105229596A (en) High level of authentication technology and application
EP3681126B1 (en) Systems and methods for securely verifying a subset of personally identifiable information
US11956364B2 (en) Information processing device and information processing method
CN110383240A (en) The method and apparatus of safe computing resource for containerization
US9239936B2 (en) System, method, and apparatus to mitigate risk of compromised privacy
US11423403B2 (en) Systems, methods, and computer program products for authorizing a transaction
KR20220120593A (en) Methods and systems for digital proof
CN110352411A (en) Method and apparatus for controlling the access to safe computing resource
US20240144275A1 (en) Real-time fraud detection using machine learning
EP3132366B1 (en) Controlling actions performed on de-identified patient data of a cloud based clinical decision support system (cdss)
US11860992B1 (en) Authentication and authorization for access to soft and hard assets
KR102601098B1 (en) Method and device for providing voucher approval information
Pannifer Alternative authentication–what does it really provide?

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180731